diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch new file mode 100644 index 0000000000..8035ab38cb --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch | |||
@@ -0,0 +1,170 @@ | |||
1 | commit bae7501e87ab614115d9d3213b4dd18d96e604db | ||
2 | Author: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sat Jul 1 21:58:10 2017 +0930 | ||
4 | |||
5 | Use bfd_malloc_and_get_section | ||
6 | |||
7 | It's nicer than xmalloc followed by bfd_get_section_contents, since | ||
8 | xmalloc exits on failure and needs a check that its size_t arg doesn't | ||
9 | lose high bits when converted from bfd_size_type. | ||
10 | |||
11 | PR binutils/21665 | ||
12 | * objdump.c (strtab): Make var a bfd_byte*. | ||
13 | (disassemble_section): Don't limit malloc size. Instead, use | ||
14 | bfd_malloc_and_get_section. | ||
15 | (read_section_stabs): Use bfd_malloc_and_get_section. Return | ||
16 | bfd_byte*. | ||
17 | (find_stabs_section): Remove now unnecessary cast. | ||
18 | * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free | ||
19 | contents on error return. | ||
20 | * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section. | ||
21 | |||
22 | Upstream-Status: Backport | ||
23 | |||
24 | CVE: CVE-2017-9955 | ||
25 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
26 | |||
27 | Index: git/binutils/nlmconv.c | ||
28 | =================================================================== | ||
29 | --- git.orig/binutils/nlmconv.c 2017-09-21 18:14:15.792797232 +0530 | ||
30 | +++ git/binutils/nlmconv.c 2017-09-21 18:14:15.776797105 +0530 | ||
31 | @@ -1224,7 +1224,7 @@ | ||
32 | const char *inname; | ||
33 | asection *outsec; | ||
34 | bfd_size_type size; | ||
35 | - void *contents; | ||
36 | + bfd_byte *contents; | ||
37 | long reloc_size; | ||
38 | bfd_byte buf[4]; | ||
39 | bfd_size_type add; | ||
40 | @@ -1240,9 +1240,7 @@ | ||
41 | contents = NULL; | ||
42 | else | ||
43 | { | ||
44 | - contents = xmalloc (size); | ||
45 | - if (! bfd_get_section_contents (inbfd, insec, contents, | ||
46 | - (file_ptr) 0, size)) | ||
47 | + if (!bfd_malloc_and_get_section (inbfd, insec, &contents)) | ||
48 | bfd_fatal (bfd_get_filename (inbfd)); | ||
49 | } | ||
50 | |||
51 | Index: git/binutils/objdump.c | ||
52 | =================================================================== | ||
53 | --- git.orig/binutils/objdump.c 2017-09-21 18:14:15.792797232 +0530 | ||
54 | +++ git/binutils/objdump.c 2017-09-21 18:23:30.420895459 +0530 | ||
55 | @@ -180,7 +180,7 @@ | ||
56 | static bfd_byte *stabs; | ||
57 | static bfd_size_type stab_size; | ||
58 | |||
59 | -static char *strtab; | ||
60 | +static bfd_byte *strtab; | ||
61 | static bfd_size_type stabstr_size; | ||
62 | |||
63 | static bfd_boolean is_relocatable = FALSE; | ||
64 | @@ -2037,33 +2037,13 @@ | ||
65 | } | ||
66 | rel_ppend = rel_pp + rel_count; | ||
67 | |||
68 | - /* PR 21665: Check for overlarge datasizes. | ||
69 | - Note - we used to check for "datasize > bfd_get_file_size (abfd)" but | ||
70 | - this fails when using compressed sections or compressed file formats | ||
71 | - (eg MMO, tekhex). | ||
72 | - | ||
73 | - The call to xmalloc below will fail if too much memory is requested, | ||
74 | - which will catch the problem in the normal use case. But if a memory | ||
75 | - checker is in use, eg valgrind or sanitize, then an exception will | ||
76 | - be still generated, so we try to catch the problem first. | ||
77 | - | ||
78 | - Unfortunately there is no simple way to determine how much memory can | ||
79 | - be allocated by calling xmalloc. So instead we use a simple, arbitrary | ||
80 | - limit of 2Gb. Hopefully this should be enough for most users. If | ||
81 | - someone does start trying to disassemble sections larger then 2Gb in | ||
82 | - size they will doubtless complain and we can increase the limit. */ | ||
83 | -#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */ | ||
84 | - if (datasize > MAX_XMALLOC) | ||
85 | + if (!bfd_malloc_and_get_section (abfd, section, &data)) | ||
86 | { | ||
87 | - non_fatal (_("Reading section %s failed because it is too big (%#lx)"), | ||
88 | - section->name, (unsigned long) datasize); | ||
89 | + non_fatal (_("Reading section %s failed because: %s"), | ||
90 | + section->name, bfd_errmsg (bfd_get_error ())); | ||
91 | return; | ||
92 | } | ||
93 | |||
94 | - data = (bfd_byte *) xmalloc (datasize); | ||
95 | - | ||
96 | - bfd_get_section_contents (abfd, section, data, 0, datasize); | ||
97 | - | ||
98 | paux->sec = section; | ||
99 | pinfo->buffer = data; | ||
100 | pinfo->buffer_vma = section->vma; | ||
101 | @@ -2579,12 +2559,11 @@ | ||
102 | /* Read ABFD's stabs section STABSECT_NAME, and return a pointer to | ||
103 | it. Return NULL on failure. */ | ||
104 | |||
105 | -static char * | ||
106 | +static bfd_byte * | ||
107 | read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr) | ||
108 | { | ||
109 | asection *stabsect; | ||
110 | - bfd_size_type size; | ||
111 | - char *contents; | ||
112 | + bfd_byte *contents; | ||
113 | |||
114 | stabsect = bfd_get_section_by_name (abfd, sect_name); | ||
115 | if (stabsect == NULL) | ||
116 | @@ -2593,10 +2572,7 @@ | ||
117 | return FALSE; | ||
118 | } | ||
119 | |||
120 | - size = bfd_section_size (abfd, stabsect); | ||
121 | - contents = (char *) xmalloc (size); | ||
122 | - | ||
123 | - if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size)) | ||
124 | + if (!bfd_malloc_and_get_section (abfd, stabsect, &contents)) | ||
125 | { | ||
126 | non_fatal (_("reading %s section of %s failed: %s"), | ||
127 | sect_name, bfd_get_filename (abfd), | ||
128 | @@ -2606,7 +2582,7 @@ | ||
129 | return NULL; | ||
130 | } | ||
131 | |||
132 | - *size_ptr = size; | ||
133 | + *size_ptr = bfd_section_size (abfd, stabsect); | ||
134 | |||
135 | return contents; | ||
136 | } | ||
137 | @@ -2733,8 +2709,7 @@ | ||
138 | |||
139 | if (strtab) | ||
140 | { | ||
141 | - stabs = (bfd_byte *) read_section_stabs (abfd, section->name, | ||
142 | - &stab_size); | ||
143 | + stabs = read_section_stabs (abfd, section->name, &stab_size); | ||
144 | if (stabs) | ||
145 | print_section_stabs (abfd, section->name, &sought->string_offset); | ||
146 | } | ||
147 | Index: git/binutils/ChangeLog | ||
148 | =================================================================== | ||
149 | --- git.orig/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530 | ||
150 | +++ git/binutils/ChangeLog 2017-09-21 18:25:00.195937741 +0530 | ||
151 | @@ -4,6 +4,19 @@ | ||
152 | * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty | ||
153 | string whilst concatenating symbol names. | ||
154 | |||
155 | +2017-07-01 Alan Modra <amodra@gmail.com> | ||
156 | + | ||
157 | + PR binutils/21665 | ||
158 | + * objdump.c (strtab): Make var a bfd_byte*. | ||
159 | + (disassemble_section): Don't limit malloc size. Instead, use | ||
160 | + bfd_malloc_and_get_section. | ||
161 | + (read_section_stabs): Use bfd_malloc_and_get_section. Return | ||
162 | + bfd_byte*. | ||
163 | + (find_stabs_section): Remove now unnecessary cast. | ||
164 | + * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free | ||
165 | + contents on error return. | ||
166 | + * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section. | ||
167 | + | ||
168 | 2017-06-30 Nick Clifton <nickc@redhat.com> | ||
169 | |||
170 | PR binutils/21665 | ||